this post was submitted on 05 Sep 2024
5 points (100.0% liked)


For context:
I've encrypted the swap partition with:

cryptsetup -v luksFormat /dev/${DEVICE}
cryptsetup luksOpen /dev/${DEVICE} swap

And what I want is for the user to be able to enter their password only once to decrypt their root partition, which would contain a keyfile to then decrypt their swap partition.

Does anyone know if this is possible?
Just thought I'd ask to see if anyone's done this already.

[–] [email protected] 1 points 1 month ago

Use a different encryption key for your swap partition, then put that in a file on your (encrypted) root. In /etc/crypttab, where you list the encrypted partition and the device name for the unencrypted view, you can list the key file too. That way the swap partition will be automatically decrypted during the boot process and before swap is enabled.

I believe there may be issues resuming from suspend doing this, but I've not tested that.
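
The keyfile-in-crypttab setup described in the comment above, as an added example that is not part of the original thread. The keyfile path, the mapping name `swap` and the helper function names are assumptions; the helpers create a keyfile that only its owner can read, build the `/etc/crypttab` line, and check that no keyfile listed in a crypttab is missing or readable by group/other.

```shell
#!/bin/sh
# Added example. Assumed path: /etc/cryptsetup-keys.d/swap.key; assumed mapping name: swap.
# On the real system (as root, with the encrypted root mounted):
#   make_keyfile /etc/cryptsetup-keys.d/swap.key
#   cryptsetup luksAddKey /dev/${DEVICE} /etc/cryptsetup-keys.d/swap.key
#   crypttab_line swap "$(cryptsetup luksUUID /dev/${DEVICE})" \
#       /etc/cryptsetup-keys.d/swap.key >> /etc/crypttab
# luksAddKey puts the keyfile in an extra key slot; the existing passphrase keeps working.

# Create a 64-byte random keyfile that only its owner can read.
make_keyfile() {
    keyfile=$1
    ( umask 077 && head -c 64 /dev/urandom > "$keyfile" ) || return 1
    chmod 0400 "$keyfile"
}

# Print one crypttab entry: <name> <device> <keyfile> <options>
crypttab_line() {
    printf '%s\tUUID=%s\t%s\tluks\n' "$1" "$2" "$3"
}

# Audit a crypttab file: report keyfiles that are missing or that
# group/other can access. Returns non-zero if any problem is found.
audit_crypttab() {
    rc=0
    while read -r name dev key opts; do
        case $name in ''|'#'*) continue ;; esac      # blank line or comment
        case $key in ''|none|-) continue ;; esac     # passphrase prompt, no keyfile
        if [ ! -f "$key" ]; then
            echo "$name: keyfile $key is missing"; rc=1
        elif [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
            echo "$name: keyfile $key is accessible to group/other"; rc=1
        fi
    done < "$1"
    return $rc
}
```

The keyfile is only as protected as the filesystem it sits on, so it belongs on the encrypted root and not on an unencrypted /boot.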